2077662 – AWS Platform Provisioning Check incorrectly identifies record as part of domain of cluster

Bug 2077662 - AWS Platform Provisioning Check incorrectly identifies record as part of domain of cluster

Summary: AWS Platform Provisioning Check incorrectly identifies record as part of doma...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	4.10
Hardware:	All
OS:	All
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	4.11.0
Assignee:	Nobody
QA Contact:	Yunfei Jiang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-04-21 20:30 UTC by Johnathan Kupferer
Modified:	2022-08-10 11:08 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	Cause: The installer misidentifies records as part of the DNS domain, because it has the same suffix when it should be checking only if it has a ".". The problem occurs when the cluster base domain is the suffix of the DNS record but the name is not actually a part of the domain. baseDomain: "openshift.redhatworkshops.io" DNS Record: "bastion-shared410.openshift.redhatworkshops.io" Consequence: A trailing "." in the variable that is compared to determine if it is part of domain is causing records to be ignored when they shouldn't. Fix: Change if !strings.HasSuffix(name, dottedClusterDomain) to if !strings.HasSuffix("." + name, dottedClusterDomain) in order to appropriately compare the name to determine if it is part of the domain. Result: The provisioning will work correctly for AWS.
Clone Of:
Environment:
Last Closed:	2022-08-10 11:08:03 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift installer pull 5831	0	None	open	Bug 2077662: Fix AWS Platform Provisioning Check	2022-04-29 16:50:40 UTC
Red Hat Product Errata	RHSA-2022:5069	0	None	None	None	2022-08-10 11:08:24 UTC

Description Johnathan Kupferer 2022-04-21 20:30:23 UTC

Thanks for opening a bug report!
Before hitting the button, please fill in as much of the template below as you can.
If you leave out information, it's harder to help you.
Be ready for follow-up questions, and please respond in a timely manner.
If we can't reproduce a bug we might close your issue.
If we're wrong, PLEASE feel free to reopen it and explain why.

Version:

$ openshift-install version
openshift-install 4.10.6
built from commit 17c2fe7527e96e250e442a15727f7558b2fb8899
release image quay.io/openshift-release-dev/ocp-release@sha256:88b394e633e09dc23aa1f1a61ededd8e52478edf34b51a7dbbb21d9abde2511a
release architecture amd64

Platform:

aws

Please specify:
* IPI

What happened?

When attempting to install a cluster with an installConfig.yaml with:

    metadata:
      name: "shared-410"
    baseDomain: "openshift.redhatworkshops.io"

It finds the DNS record "bastion-shared-410.openshift.redhatworkshops.io" and fails with an error:

   "Platform Provisioning Check": <nil>: Invalid value: "": the zone already has record sets for the domain of the cluster: [bastion-shared-410.openshift.redhatworkshops.io. (A)]"

The DNS domain "bastion-shared-410.openshift.redhatworkshops.io" is not part of the domain of the cluster, it only happens to end with the same string value as the domain of the cluster.

The error appears to be at:

https://github.com/openshift/installer/blob/master/pkg/asset/installconfig/aws/validation.go#L463

    if !strings.HasSuffix(name, dottedClusterDomain) 

The definition of "dottedClusterDomain" is:

    dottedClusterDomain := ic.ClusterDomain() + "."

This causes the installer to misidentify this record as part of the DNS domain simply because it has the same suffix when it should be checking only if it has a "." then this suffix, something like:

    if !strings.HasSuffix("." + name, dottedClusterDomain) 


What did you expect to happen?

The installer should not consider this host to be part of the cluster domain.

How to reproduce it (as minimally and precisely as possible)?

Simply create a DNS record in the baseDomain with a name like "foo-<clusterName>".

Anything else we need to know?

https://github.com/openshift/installer/pull/5831

Comment 3 Yunfei Jiang 2022-05-09 04:14:29 UTC

verified. PASS.
OCP version: 4.11.0-0.nightly-2022-05-08-193101

Comment 6 errata-xmlrpc 2022-08-10 11:08:03 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069

Note You need to log in before you can comment on or make changes to this bug.